MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f93bc8a8c04b2a9ebd71eeb34d40019172a7a259e591282f40b583330c32720. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 4f93bc8a8c04b2a9ebd71eeb34d40019172a7a259e591282f40b583330c32720
SHA3-384 hash: ec6d39832fe8aa982fde3ee07de8444c1fba5d5ed982df81835f589911cca9abb35b7f247f5c853d7af4848fde88fe88
SHA1 hash: fcafc22389b8f0e4a3395b89564dc17d2ee6a57c
MD5 hash: 2ff900b42a29aaf58739543e26fc1ff6
humanhash: lima-december-double-hydrogen
File name: MariyelsTherapy.rar
File size: 82'879'873 bytes
First seen: 2024-03-20 15:54:25 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 1572864:tX6LBYNOEhwytNEH6vYQxwrBZHBFdNYZvpXuyUsAI4:tOuNOPytNEKRxEzFCHUsAf
TLSH T1E208337A23497235F87831FD5D3D1AEFDB58E060678134F36C7F99828C47C8269688A6
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter beansoup
Tags:discord rar

Intelligence


File Origin
# of uploads: 1
# of downloads: 141
Origin country: NL
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: MariyelsTherapy.exe
File size: 82'879'697 bytes
SHA256 hash: f96156a90a64cbe2fc1e09223065f670306b4172bd548a06f20d5106292adc53
MD5 hash: 9f879935bfa26dd6adf6c245ddda43d0
MIME type: application/x-dosexec
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: installer lolbin overlay packed shell32
Result
Verdict: MALICIOUS
Gathering data
Result
Malware family: n/a
Score: 7/10
Tags: discovery spyware stealer
Behaviour
Checks processor information in registry
Enumerates processes with tasklist
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks installed software on the system
Looks up external IP address via web service
Drops startup file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: rar 4f93bc8a8c04b2a9ebd71eeb34d40019172a7a259e591282f40b583330c32720 (this sample)

Delivery method: Distributed via web download
